US20220166785A1 - Data center security system - Google Patents
Data center security system Download PDFInfo
- Publication number
- US20220166785A1 US20220166785A1 US17/529,824 US202117529824A US2022166785A1 US 20220166785 A1 US20220166785 A1 US 20220166785A1 US 202117529824 A US202117529824 A US 202117529824A US 2022166785 A1 US2022166785 A1 US 2022166785A1
- Authority
- US
- United States
- Prior art keywords
- sensor
- data center
- fixture
- monitoring system
- monitoring device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012806 monitoring device Methods 0.000 claims abstract description 63
- 238000012544 monitoring process Methods 0.000 claims abstract description 50
- 238000000034 method Methods 0.000 claims abstract description 11
- 230000003287 optical effect Effects 0.000 claims description 6
- 238000004891 communication Methods 0.000 description 19
- 230000004913 activation Effects 0.000 description 3
- 238000003491 array Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 3
- QVFWZNCVPCJQOP-UHFFFAOYSA-N chloralodol Chemical compound CC(O)(C)CC(C)OC(O)C(Cl)(Cl)Cl QVFWZNCVPCJQOP-UHFFFAOYSA-N 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000005259 measurement Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000007704 transition Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 239000004020 conductor Substances 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 239000000853 adhesive Substances 0.000 description 1
- 230000001070 adhesive effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 239000003086 colorant Substances 0.000 description 1
- 230000001939 inductive effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000033001 locomotion Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 230000002618 waking effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/02—Mechanical actuation
- G08B13/12—Mechanical actuation by the breaking or disturbance of stretched cords or wires
- G08B13/126—Mechanical actuation by the breaking or disturbance of stretched cords or wires for a housing, e.g. a box, a safe, or a room
- G08B13/128—Mechanical actuation by the breaking or disturbance of stretched cords or wires for a housing, e.g. a box, a safe, or a room the housing being an electronic circuit unit, e.g. memory or CPU chip
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/02—Mechanical actuation
- G08B13/12—Mechanical actuation by the breaking or disturbance of stretched cords or wires
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/16—Actuation by interference with mechanical vibrations in air or other fluid
- G08B13/1609—Actuation by interference with mechanical vibrations in air or other fluid using active vibration detection systems
- G08B13/1618—Actuation by interference with mechanical vibrations in air or other fluid using active vibration detection systems using ultrasonic detection means
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/18—Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength
- G08B13/181—Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using active radiation detection systems
- G08B13/183—Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using active radiation detection systems by interruption of a radiation beam or barrier
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/18—Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength
- G08B13/189—Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems
- G08B13/194—Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems
- G08B13/196—Actuation by interference with heat, light, or radiation of shorter wavelength; Actuation by intruding sources of heat, light, or radiation of shorter wavelength using passive radiation detection systems using image scanning and comparing systems using television cameras
Definitions
- Embodiments of the present invention are directed towards data center security systems, including security systems for server racks and cabinets.
- Data centers house a variety of types of equipment, some of which contain valuable information. Access to data centers may be restricted in some cases to authorized persons. However, additional safeguards would be beneficial for further securing the equipment and information from unauthorized access within data centers.
- Embodiments of the present invention are directed toward data center monitoring systems.
- the system includes at least one sensor configured to be attached to a fixture in a data center, wherein the at least one sensor is configured to transmit a wireless signal for detecting an unauthorized access attempt to the fixture.
- the system also includes at least one monitoring device configured to communicate with the at least one sensor, wherein the at least one monitoring device is configured to receive a signal from the at least one sensor indicative of the unauthorized access attempt to the fixture.
- a data center monitoring system comprises a plurality of server racks located in a data center and a plurality of sensors each configured to be attached to a respective server rack. Each sensor is configured to transmit a wireless signal for detecting an unauthorized access attempt to the server rack.
- the system further includes at least one monitoring device configured to communicate with each of the plurality of sensors, wherein the at least one monitoring device is configured to receive a signal from each of the plurality of sensors indicative of an unauthorized access attempt to a respective server rack.
- a method for monitoring a data center includes transmitting a wireless signal with at least one sensor attached to a fixture in a data center for detecting an unauthorized access attempt to the fixture.
- the method includes receiving a signal at a monitoring device from the at least one sensor indicative of the unauthorized access attempt to the fixture.
- FIG. 1 is a front view of a data center monitoring system according to one embodiment of the present invention.
- FIG. 2 is a top view of the data center monitoring system shown in FIG. 1 .
- FIG. 3 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention.
- FIG. 4 is a perspective view of a data center monitoring system according to another embodiment of the present invention.
- FIG. 5 is a perspective view and a detail view of a data center monitoring system according to another embodiment of the present invention.
- FIG. 6 is a perspective view illustrating various states of a sensor in a data monitoring system according to one embodiment.
- FIG. 7 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention.
- FIG. 8 is a partial perspective view of a data center monitoring system according to another embodiment of the present invention.
- FIG. 9 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention.
- FIG. 10 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention.
- FIG. 11 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention.
- FIG. 12A illustrates a sensor and a reflective component according to one embodiment of the present invention.
- FIG. 12B illustrates a sensor and a reflective component according to another embodiment of the present invention.
- FIG. 12C illustrates the reflection of signals between a sensor and different reflective components according to embodiments of the present invention.
- FIG. 13 illustrates another example of a sensor and a reflective component according to one embodiment of the present invention.
- FIG. 14 is a perspective view of a data center monitoring system according to one embodiment of the present invention.
- FIG. 15 is a partial perspective view of a data center monitoring system showing an access control point in an armed state according to one embodiment of the present invention.
- FIG. 16 is a partial perspective view of a data center monitoring system showing an access control point in a disarmed state according to one embodiment of the present invention.
- server racks for storing various types and quantities of computer and/or network equipment, (e.g., servers, computers, hard drives, media storage, routers, hubs, network switches, etc.).
- the server rack may define an enclosure that is configured to secure various computer and/or network equipment that is only able to be accessed by authorized personnel, such as described in the following embodiments.
- Many different forms of server racks may be employed, including those with doors (e.g., a cabinet) or no doors.
- Embodiments of the present invention provide security systems for protecting equipment from theft in a data center environment that may include valuable data as well as providing various data regarding accesses or attempted accesses to the equipment.
- a data center environment may include valuable data as well as providing various data regarding accesses or attempted accesses to the equipment.
- the system shown and described herein is suitable for monitoring and/or securing various items in other settings, such as for example, a retail, residential, or commercial environment, and is not intended to be limited to use only as a system for protecting against theft and/or monitoring equipment in a data center environment.
- the system 10 generally comprises one or more fixtures 14 , sensors 16 (specific sensor types are also referenced herein as 16 A, 16 B, 16 C), and monitoring devices 18 .
- the fixture 14 may be an existing or off-the-shelf device, such as a server rack cabinet, and the sensor 18 is configured to be attached to the fixture.
- FIG. 1 shows a plurality of sensors 16 A, 16 B, 16 C coupled to respective fixtures 14 .
- Each sensor 16 may be coupled to the fixture 14 in any desired manner, such as via adhesive, brackets, and/or fasteners.
- the monitoring device 18 may be any device (e.g., a controller, hub, gateway, computer, server, and/or cloud device) configured to communicate with one or more sensors 16 .
- the monitoring device 18 may be a hub configured to communicate with a plurality of sensors 16 .
- the monitoring device 18 may be a computer (e.g., tablet, laptop, or desktop computer) that is configured to communicate with one or more sensors 16 and/or one or more hubs to facilitate data transfer (see, e.g., FIGS. 8 and 9 ). It is understood that any number of monitoring devices 18 may be employed in the system 10 .
- FIG. 8 and 9 any number of monitoring devices 18 may be employed in the system 10 .
- the system 10 may include one or more junction boxes 20 that are configured to couple to a plurality of sensors 16 A, 16 B, 16 C. It is understood that the junction boxes 20 may connect to any desired number of sensors 16 .
- the junction boxes 20 may include input ports for facilitating an electrical connection with respective cable connectors.
- the junction boxes 20 may be used, for instance, to allow multiple sensors 16 to monitor respective fixtures 14 or to provide multiple sensors per each fixture (e.g. for monitoring access points such as a front and rear opening of the fixture as shown in FIG. 2 ).
- the sensors 16 may be arranged in a “daisy chain” using one or more junction boxes 20 (see, e.g., FIG. 4 ).
- junction boxes 20 may be configured to facilitate data transfer between the monitoring device 18 and the sensors 14 .
- the monitoring device 18 may be configured to facilitate communication with a plurality of sensors 16 and/or junction boxes 20 via wired (e.g., one or more cables 19 as shown in FIGS. 1-2 ) or wireless means (e.g., FIG. 9 ).
- the monitoring device 18 and/or junction boxes 20 may be omitted.
- the sensors 16 (or sensor array) may be configured to perform the functionality of the monitoring device 18 and/or the junction boxes 20 , which may provide for more flexibility of installation and power conservation.
- one or more sensors 16 (or sensor arrays) may be operably connected to an access control point 42 .
- one or more sensors 16 (or sensor arrays) may be configured to operably connect to a power-over-ethernet (“PoE”) cable for data and power transmission.
- PoE power-over-ethernet
- the access control point 42 may be configured to operably connect to a plurality of sensors 16 (or sensor arrays), while each sensor or sensor array may have its own POE connection.
- each sensor 16 or sensor array may have its own unique identifier (e.g., via IP address or serial number) for access control and auditing purposes.
- the sensors 16 or sensor array
- the sensors 16 and/or the monitoring device 18 may include wireless communications circuitry for communicating with one another using any desired communications protocol (e.g., Bluetooth, LoRa, Wi-Fi, radiofrequency, etc.).
- the sensor 16 and monitoring device 18 may be located remotely from one another (e.g., the sensors may be located in a data center, while the monitoring device may be at a location that is not in the data center). In some cases, the monitoring device 18 may be located at some fixed location in proximity to one or more sensors 16 (e.g., attached to a fixture 14 ). In other instances, the sensors 16 and the monitoring device 18 may communicate over a cloud network.
- the sensors 16 and the monitoring device 18 are electrically connected via hard wiring (see, e.g., FIG. 1 ), and the monitoring device may have wireless communications circuitry for communicating with other monitoring devices or remote computing devices.
- sensors 16 used in the system 10 (e.g., hundreds in a large data center) that are configured to communicate with one or more monitoring devices 18 . Moreover, a plurality of sensors 16 may form a single assembly or array for each fixture 14 . In order to facilitate long range communications that could potentially have interference from various fixtures, products, and even people in a data center, a communications scheme in the sub-gig range may be desirable in some embodiments (e.g., the LoRa protocol). Long range communication protocols of this nature may minimize repeaters and a more difficult initial setup, as well as help maintain connectivity when the sensors 16 are moved around in the data center at some point after installation. In one embodiment, the sensor 16 may require authorization to facilitate communication with the monitoring device 18 .
- the senor 16 may receive an authorization signal via a long-range communication signal from the monitoring device 18 to activate the sensor. Another signal could also be sent from the monitoring device 18 to the sensor instructing the sensor to deactivate. Despite the foregoing, it is understood that the sensor 16 and monitoring device 18 may communicate via wired means if desired.
- the sensor 16 may be configured to communicate with an electronic key 24 configured to activate, unlock, and/or reset the sensor.
- each of the fixtures 14 may include an interface for communicating with an electronic key 24 for accessing the fixture (e.g., to unlock a door to a server cabinet or to allow authorized access to the equipment).
- the electronic key 24 may be configured to interface with the fixture 14 or any component of the system 10 (e.g., an access control point 42 mounted on the fixture) for authorizing a user to access the fixture 14 (see, e.g., FIGS. 14 and 15 ). Communication between the electronic key 24 and the access control point 42 may be wireless in some cases.
- access may be granted when a code stored on the electronic key 24 matches a code stored in memory at the access control point 42 .
- the electronic key 24 could be similar to that disclosed in U.S. Publ. No. 2011/0254661, entitled Programmable Security System and Method for Protecting Merchandise, the disclosure of which is incorporated herein by reference in its entirety.
- access control points 42 may be used according to additional embodiments, including those where an electronic key 24 is not required.
- a pin pad, biometrics, etc. may be used to allow access to the fixture 14 .
- the access control point 42 may operate in conjunction with a ticketing system in which a user is granted a predetermined period of time to access the fixture 14 .
- access management and maintenance may be managed through a ticketing system where certain fixtures 14 are assigned to a technician to perform maintenance.
- the user may be required to provide input to confirm that the technician is present.
- the user may be required to provide a hand gesture indicative of a symbol, letter, word, etc. that confirms that the user is present.
- the hand gesture may be made within the transmission path or “light curtain” of the sensors 16 (discussed below) so that the sensors may be configured to detect the gesture and in some cases, confirm and/or record the gesture for auditing purposes.
- FIGS. 15 and 16 illustrate embodiments where the access control point 42 includes an interface for an electronic key 24 and a visible indicator 44 .
- the visible indictor 44 may be configured to change in color based on the state of the access control point (e.g., armed, disarmed, access, or breach).
- the visible indicator 44 may be configured to change colors when the access control point 42 transitions from an armed state to a disarmed state. In the disarmed state, a user may be able to access contents within the fixture 14 without generating an alarm signal. However, in the disarmed state, data representing access and access attempts may be monitored and recorded by the monitoring device 18 for audit purposes.
- the visible indicator 44 may be configured to transition to another color when there is an authorized or unauthorized access attempt so that the user knows that the access or attempt has been detected.
- the monitoring device 18 may be configured to automatically rearm after a predetermined period of time after being disarmed to ensure that the monitoring device is armed. Thus, a user may be allowed a limited amount of time before the system 10 is rearmed.
- the visible indicator 44 may be configured to flash or transition to another color when the end of the predetermined period of time before rearming is nearing.
- the sensor 16 may utilize various sensing techniques to detect unauthorized access attempts to the fixture 14 , such as an attempt to remove or tamper a server without authorization.
- FIGS. 1-2 show that the sensors 16 A, 16 B, 16 C may employ physical, visual, and/or optical sensing for such purposes.
- FIGS. 5-9 illustrate an embodiment using a physical security sensor 16 A.
- the sensor 16 may include a security device 22 that is configured to be operated by an electronic key 24 .
- the security device 22 is configured to cooperate with the electronic key 24 for locking and/or unlocking a lock mechanism for accessing the fixture 14 .
- the electronic key 24 is also configured to arm and disarm an alarm circuit.
- the sensor 16 A generally includes a base 26 configured to be secured to the fixture 14 .
- sensor 16 A may include an alarm circuit that is configured to be armed and/or disarmed with the electronic key 24 .
- the sensor 16 A may simply provide mechanical security for securing the sensor to the fixture 14 .
- the sensor 16 A further includes a tether 28 that is configured to extend and retract relative to the base 26 .
- the tether 28 may be coupled to base 26 at one end and the security device 22 at an opposite end.
- the tether 28 may be any suitable cable, cord, or the like, and in some cases, may be flexible.
- the tether 28 is coupled to a recoiler that is wound within the base 26 and is configured to unwind as tension is applied to the end of the tether.
- FIG. 5 shows that the tether 28 may be extended the length of the fixture 14 for at least partially blocking access to the fixture such that any attempted removal of equipment contained by the fixture 14 would require removing the tether.
- the security device 22 may lock the tether 28 in its extended position such as by locking the security device to the fixture 14 .
- the security device 22 may lock to an end of the tether 28 such that unlocking the security device allows the tether to retract within the base 26 .
- the end of the tether 28 may include a connector or other engagement member that is configured to be engaged with and disengaged from the security device 22 .
- the security device 22 may include a wireless interface (e.g., IR or inductive interface) that is configured to communicate with the electronic key 24 for locking and/or unlocking the lock mechanism of the security device.
- the tether 28 provides mechanical security only, while in other embodiments, the tether may include one or more conductors electrically connected to an alarm circuit.
- the sensor 16 A may be configured to detect when the tether 28 is cut or removed from the base 26 in an unauthorized manner or if the tether has been displaced (see, e.g., FIG. 6 ).
- the tether 28 may include both a cut resistant cable and conductors, although only a cut-resistant cable may be utilized if desired.
- the base 26 may include a sensor that is configured to be activated upon unauthorized removal of the base from the fixture 14 , and the sensor may in electrical communication with an alarm circuit.
- the sensor may be a pressure or plunger switch.
- the senor 16 A and/or base 26 may include an alarm circuit configured to detect activation thereof and to generate an audible and/or a visible alarm signal in response to such activation.
- the sensor 16 A may be configured to detect the activation and notify a monitoring device 18 for generating an alarm signal and/or sending a notification to a remote device 30 (see, e.g., FIG. 8 showing an alert message including the location and time of breach).
- the senor 16 may utilize vision technology (see, e.g., FIG. 10 ).
- one or more cameras may be used for monitoring a fixture 14 .
- FIG. 2 shows that sensors 16 B in the form of cameras may be located on a front and rear surface of a fixture 14 for monitoring different access points to the fixture.
- the sensor 16 B may utilize machine learning or artificial intelligence (“AI”) for obtaining various types of data and monitoring activities at the fixture 14 .
- the camera could be positioned to view items contained by the fixture 14 , the fixture itself, and/or locations around the fixture.
- the camera may also be configured to obtain details related to the items, fixture 14 , and/or humans interacting with the fixture.
- FIG. 10 shows that the camera may be configured to identify a specific zone, location, or piece of equipment associated with a fixture 14 (e.g., interaction at “U 24 - 36 ”).
- the camera may be configured to record and/or communicate this information to the monitoring device 18 .
- the system 10 also includes a computerized machine learning or AI model including various data and algorithms.
- the model may reside on the monitoring device 18 and/or sensor 16 B.
- the cameras may be configured to communicate data to the monitoring device 18 for taking various actions, such as providing notification of various events (e.g., theft attempt), such as via messages or alerts to one or more remote devices 30 .
- the cameras 48 ′ may be configured to execute the model and communicate directly with one or more remote devices 30 (e.g., using a cloud network).
- the model may be populated with various information to facilitate analysis and predictions of various types of information and behaviors in a data center environment.
- types of information that may be provided to the model include photographs and/or geometries of the equipment and/or fixtures 14 , identifying information on the equipment and/or fixtures (e.g., barcodes or QR codes), flashing LEDs or light source signatures or patterns sensors 16 , sounds originating from the system 10 , details regarding the surroundings (e.g., layout of fixtures within a data center), particular motions or behaviors that are indicative of an authorized or unauthorized access attempt, etc.
- This example model would be configured to detect and/or predict various information relevant to the system including, but not limited to, determining whether access attempts are authorized or unauthorized.
- the sonic time of flight, light, and/or ultrasonic signals may employ sonic time of flight, light, and/or ultrasonic signals.
- ultrasonic frequencies may be used to measure the time of flight of the sound pulse.
- the sensor 16 C is configured to emit a light signal (e.g., infrared) that is used to obtain a distance measurement.
- the sensor 16 C may employ optical signals for detecting activity at the fixture 14 (see, e.g., FIG. 11 ).
- the sensor 16 is an array of optical emitters. The array of sensors 16 could be arranged along at least a portion of the width of the fixture 14 or the entire width of the fixture.
- the array of sensors 16 could define a “light curtain” that is configured to cover the entire access opening of the fixture 14 .
- the sensor 16 C may be located along a top surface of the fixture 14 and be configured to generate a signal towards a bottom surface of the fixture or vice versa.
- the signals may be various types of signals such as, for example, encoded or unique signals that are difficult to replicate or otherwise spoof.
- the sensor(s) 16 C may be used to detect unauthorized activity at the fixture 14 (e.g., attempting to access a server rack or remove equipment from a server rack).
- the sensor 16 C may include an emitter configured to emit a signal (e.g., sound or light) that is configured to bounce (or reflect) off the fixture 14 or any other designated target and then return to the emitter.
- the sensor 16 C may be a transceiver configured to transmit and receive signals in some embodiments. Using the speed of the signal and the time between the ping, the return distance can be measured. With a known fixture 14 size (e.g., a height of a server cabinet), the presence of an item or person can be calculated. In some cases, distance could also be measured based on the return signal, which could be used to determine how many items are stored on a particular fixture 14 .
- the sensor 16 C may use sonic power (amplitude) for determining the presence of items or persons.
- the sensor 16 C may be configured to measure the decay of amplitude of the returning signal. The further the wave travels, the lower the power level becomes. By setting an expected threshold for decay, one could determine if any item or person is located between the sensor 16 C and the target on the fixture 14 .
- additional sensors 16 C may be used to communicate with the emitter, such as a receiver, to detect access attempts to the fixture 14 .
- an array of emitters may be located along a top surface of the fixture 14 while an array of receivers may be located along a bottom surface of the fixture, although the array of emitters and receivers could be located at any desired location.
- a location of the sensor 16 C or array of sensors could be adjustable, such as for accommodating different sizes and configurations of fixtures 14 to ensure that the access points to the fixture are sufficiently secure.
- the sensor 16 C or array of sensors may be mounted to a track or bracket to facilitate adjustment in or more directions (e.g., X, Y, and/or Z directions).
- the adjustability of the location of the sensor 16 C or array of sensors may also be helpful in ensuring that the field of view is directed in an accurate manner relative to the fixture 14 and equipment contained therein.
- the field of view of the sensor 16 C or array of sensors may be adjustable for a similar purpose. For instance, the angle of the field of view may be adjustable.
- one or more sensors 16 C may emit a signal (e.g., a light signal) that is bounced or reflected back to the sensor. Measuring time-of-flight of such signals may be used to monitor attempted access to the fixture 14 .
- the sensor(s) 16 C may emit signal(s) that are reflected back to the sensor with only some of the reflected signals being detected by the sensor (see, e.g., FIG. 12A ).
- the system 10 may include a reflective component 40 that is configured to reflect the signals transmitted by the one or more sensors 16 .
- the reflective component 40 is a reflective strip, such as tape.
- the reflective component 40 is a retroreflective tape, which facilitates the detection of a greater number of return signals than a conventional reflector.
- the retroreflective tape is configured to collect all or mostly all of the signals emitted by the sensor 16 C versus only the signals directly below the sensor (e.g., compare FIGS. 12A-C ).
- Retroreflective tape may be configured to refract incident light signals such that the light signals exit in the same direction that they arrived.
- use of a retroreflective tape may enable greater control over the field-of-view of the sensor(s) 16 C.
- the sensor(s) 16 C may be located along a top edge of the fixture 14 , while the reflective component 40 may be located along a bottom edge of the fixture. In this way, the reflective component 40 may be located a predetermined distance from the sensor(s) 16 C, and time-of-flight may be used to determine if there is an interruption in the signals or if an object is placed between the sensor(s) 16 C and the reflective component 40 . Thus, signals transmitted and received by the sensor(s) 16 C may be used to detect unauthorized access attempts.
- a non-reflective component may be employed. Where a non-reflective component is used (e.g., a dark or absorptive component), there would be no return signal transmitted back to the sensor 16 C. Thus, in the normal operating mode, the sensor 16 C would not detect any reflective signals. In this way, the sensor 16 C may be configured to detect a reflective signal indicative of an unauthorized access attempt, which may result from a hand or object being placed within the path of the signal transmitted by the sensor.
- the sensors 16 C may be configured to auto-calibrate in real-time or on a periodic basis to ensure that accurate measurements are taken and/or that unauthorized access attempts are detected. For instance, if the sensor 16 C is moved from its installed location on the fixture 14 and/or the reflective component 40 is tampered with in some way, the sensor may be configured to detect the unauthorized tampering. Thus, different types of unauthorized access may be able to be detected (e.g., an attempt to access the fixture or fixture contents versus an attempt to tamper with the sensors or other components of the system 10 ).
- various types of sensing modalities may be employed in addition to those disclosed here, such as, for example, capacitive sensors. For instance, a capacitive sensor may be configured to detect electrical properties to determine the presence of a user or access attempt.
- the sensor 16 may have a power source (e.g., battery) for providing power for operating the wireless communications circuitry, as well as any other components requiring power (e.g., an emitter). In other cases, an external power source may be provided, such as via the monitoring device 18 or junction box 20 .
- the sensor 16 may be configured to “wake up” only periodically to take a measurement. This could be a predefined time period, such as every 15 minutes, or it could have a more sophisticated control. For example, the sensor 16 could be programmed to wake up more often during peak times of the day and wake up less often (or not at all) during certain hours (e.g., after hours).
- the senor 16 may have a clock time link via the monitoring device 18 to know what time of day it is. This schedule could also be set automatically by the system 10 (as opposed to a user-inputted schedule) by the system watching and learning over time about what times the data center and fixtures are accessed and adjusting the scanning schedule appropriately. Thus, in some embodiments, the sensor 16 may not be required to have external power or a large battery, which may extend the life of the sensor. In some cases, the sensor 16 , upon waking up and detecting any item or person, could enter into a higher-scan mode (e.g., scanning more frequently than the standard predefined time period) for some specified period of time. For example, the high-scan mode can be used to measure when any item is removed or accessed and report that to the system 10 .
- a higher-scan mode e.g., scanning more frequently than the standard predefined time period
- the high-scan mode can be used to measure when any item is removed or accessed and report that to the system 10 .
- a plurality of sensors 16 may communicate with one monitoring device 18 .
- the monitoring device 18 may be configured to monitor a plurality of signals provided by the sensors 16 .
- each sensor 16 may be wirelessly paired to a monitoring device 18 , such as, for example, via Bluetooth communication. Pairing may include the exchange of a particular code or identifier that associates a sensor 16 with a monitoring device 18 .
- An authorized user may initiate communication between a sensor 16 and a monitoring device 18 for pairing or unpairing with one another, such as by pressing an actuator on the sensor and/or the monitoring device. Therefore, any number of sensors 16 may be added to or removed from the system 10 , and likewise a plurality of monitoring devices 18 may be employed.
- the sensor 16 and/or the monitoring device 18 may further be configured to facilitate communication with one or more remote devices 30 (e.g., smartphone or tablet or computer) for providing notification regarding various events and/or data (see, e.g., FIG. 9 ).
- FIGS. 8-9 show that status (e.g., an authorized access attempt) may be communicated to a remote device 30 .
- Such communication could occur, for instance, over one or more wireless communication protocols.
- a private local network 25 may be used to facilitate communication between the sensor 16 and a monitoring device 18 (e.g., via the LoRa network or Wi-Fi network or Ethernet connection), and public network 35 could be sent to the remote device 30 (e.g., via a cloud network).
- the senor 16 and/or the monitoring device 18 may be configured to generate an alarm signal should an unauthorized access attempt be detected.
- reports may be generated at the associate device 20 and/or monitoring device 18 which may be used to collect and manage data regarding each of the sensors 16 and/or monitoring devices 18 .
- FIG. 7 shows that the system 10 may further include one or more cameras 32 .
- the cameras 32 may be configured to monitor any desired component, such as for example, the sensors 16 and/or fixtures 14 .
- the cameras 32 may be configured to simply record images or video or could further include functionality to communicate data to and from each of the sensors, such as via light-based communication.
- the monitoring device 18 could take the form of a camera 32 for obtaining various information from the sensors 16 .
- a device 20 may have a set-up mode used to associate the sensor 16 with a specific fixture 14 or equipment stored by the fixture.
- the set-up mode could be initiated with a button push or other mechanism that is activated by the installer on the sensor 16 .
- an identifier on the sensor 16 may be associated with an identifier on the fixture 14 .
- a device 20 may be configured to scan a UPC or QR code on both the sensor 16 and the fixture 14 and/or equipment to associate the two.
- Embodiments of the present invention may utilize similar technology as that disclosed in U.S. Pat. Nos. 10,140,824, 10,535,239, PCT Publication No. WO 2020/227513, U.S. Publ. No. 2021/0264754, PCT Publication No. WO 2020/198473, International Appl. No. PCT/US2021/070993, and U.S. Provisional Appl. No. 63/059,280, the contents of which are each hereby incorporated by reference in their entirety herein.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Alarm Systems (AREA)
- Burglar Alarm Systems (AREA)
Abstract
Sensors, systems, and methods for data center security are provided. In one example, a data center monitoring system includes at least one sensor configured to be attached to a fixture in a data center. The sensor is configured to transmit a wireless signal for detecting an unauthorized access attempt to the fixture. The system also includes at least one monitoring device configured to communicate with the at least one sensor. The monitoring device is configured to receive a signal from the at least one sensor indicative of the unauthorized access attempt to the fixture.
Description
- This application is a non-provisional of and claims the benefits of priority to U.S. Provisional Application No. 63/187,747, filed on May 12, 2021; U.S. Provisional Application No. 63/178,909, filed on Apr. 23, 2021; and U.S. Provisional Application No. 63/116,562, filed on Nov. 20, 2020, the entire contents of each of which are hereby incorporated by reference.
- Embodiments of the present invention are directed towards data center security systems, including security systems for server racks and cabinets.
- Data centers house a variety of types of equipment, some of which contain valuable information. Access to data centers may be restricted in some cases to authorized persons. However, additional safeguards would be beneficial for further securing the equipment and information from unauthorized access within data centers.
- Embodiments of the present invention are directed toward data center monitoring systems. In one example, the system includes at least one sensor configured to be attached to a fixture in a data center, wherein the at least one sensor is configured to transmit a wireless signal for detecting an unauthorized access attempt to the fixture. The system also includes at least one monitoring device configured to communicate with the at least one sensor, wherein the at least one monitoring device is configured to receive a signal from the at least one sensor indicative of the unauthorized access attempt to the fixture.
- In another embodiment, a data center monitoring system comprises a plurality of server racks located in a data center and a plurality of sensors each configured to be attached to a respective server rack. Each sensor is configured to transmit a wireless signal for detecting an unauthorized access attempt to the server rack. The system further includes at least one monitoring device configured to communicate with each of the plurality of sensors, wherein the at least one monitoring device is configured to receive a signal from each of the plurality of sensors indicative of an unauthorized access attempt to a respective server rack.
- In another embodiment, a method for monitoring a data center is provided. The method includes transmitting a wireless signal with at least one sensor attached to a fixture in a data center for detecting an unauthorized access attempt to the fixture. In addition, the method includes receiving a signal at a monitoring device from the at least one sensor indicative of the unauthorized access attempt to the fixture.
-
FIG. 1 is a front view of a data center monitoring system according to one embodiment of the present invention. -
FIG. 2 is a top view of the data center monitoring system shown inFIG. 1 . -
FIG. 3 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention. -
FIG. 4 is a perspective view of a data center monitoring system according to another embodiment of the present invention. -
FIG. 5 is a perspective view and a detail view of a data center monitoring system according to another embodiment of the present invention. -
FIG. 6 is a perspective view illustrating various states of a sensor in a data monitoring system according to one embodiment. -
FIG. 7 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention. -
FIG. 8 is a partial perspective view of a data center monitoring system according to another embodiment of the present invention. -
FIG. 9 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention. -
FIG. 10 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention. -
FIG. 11 is a partial perspective view of a data center monitoring system according to one embodiment of the present invention. -
FIG. 12A illustrates a sensor and a reflective component according to one embodiment of the present invention. -
FIG. 12B illustrates a sensor and a reflective component according to another embodiment of the present invention. -
FIG. 12C illustrates the reflection of signals between a sensor and different reflective components according to embodiments of the present invention. -
FIG. 13 illustrates another example of a sensor and a reflective component according to one embodiment of the present invention. -
FIG. 14 is a perspective view of a data center monitoring system according to one embodiment of the present invention. -
FIG. 15 is a partial perspective view of a data center monitoring system showing an access control point in an armed state according to one embodiment of the present invention. -
FIG. 16 is a partial perspective view of a data center monitoring system showing an access control point in a disarmed state according to one embodiment of the present invention. - Referring to the accompanying figures wherein identical reference numerals denote the same elements throughout the various views, the illustrated embodiments of methods and systems according to the present invention are capable of monitoring a variety of equipment in a data center environment, such as for example, server racks for storing various types and quantities of computer and/or network equipment, (e.g., servers, computers, hard drives, media storage, routers, hubs, network switches, etc.). The server rack may define an enclosure that is configured to secure various computer and/or network equipment that is only able to be accessed by authorized personnel, such as described in the following embodiments. Many different forms of server racks may be employed, including those with doors (e.g., a cabinet) or no doors. Embodiments of the present invention provide security systems for protecting equipment from theft in a data center environment that may include valuable data as well as providing various data regarding accesses or attempted accesses to the equipment. Although described in relation for use in a data center environment, the system shown and described herein is suitable for monitoring and/or securing various items in other settings, such as for example, a retail, residential, or commercial environment, and is not intended to be limited to use only as a system for protecting against theft and/or monitoring equipment in a data center environment.
- According to one embodiment, the
system 10 generally comprises one ormore fixtures 14, sensors 16 (specific sensor types are also referenced herein as 16A, 16B, 16C), andmonitoring devices 18. In some embodiments, thefixture 14 may be an existing or off-the-shelf device, such as a server rack cabinet, and thesensor 18 is configured to be attached to the fixture. For example,FIG. 1 shows a plurality ofsensors respective fixtures 14. Eachsensor 16 may be coupled to thefixture 14 in any desired manner, such as via adhesive, brackets, and/or fasteners. - The
monitoring device 18 may be any device (e.g., a controller, hub, gateway, computer, server, and/or cloud device) configured to communicate with one ormore sensors 16. For instance, themonitoring device 18 may be a hub configured to communicate with a plurality ofsensors 16. In other cases, themonitoring device 18 may be a computer (e.g., tablet, laptop, or desktop computer) that is configured to communicate with one ormore sensors 16 and/or one or more hubs to facilitate data transfer (see, e.g.,FIGS. 8 and 9 ). It is understood that any number ofmonitoring devices 18 may be employed in thesystem 10. Furthermore,FIG. 1 demonstrates that in one embodiment, thesystem 10 may include one ormore junction boxes 20 that are configured to couple to a plurality ofsensors junction boxes 20 may connect to any desired number ofsensors 16. Thejunction boxes 20 may include input ports for facilitating an electrical connection with respective cable connectors. Thejunction boxes 20 may be used, for instance, to allowmultiple sensors 16 to monitorrespective fixtures 14 or to provide multiple sensors per each fixture (e.g. for monitoring access points such as a front and rear opening of the fixture as shown inFIG. 2 ). Thus, in some embodiments, thesensors 16 may be arranged in a “daisy chain” using one or more junction boxes 20 (see, e.g.,FIG. 4 ). In addition, thejunction boxes 20 may be configured to facilitate data transfer between themonitoring device 18 and thesensors 14. Thus, themonitoring device 18 may be configured to facilitate communication with a plurality ofsensors 16 and/orjunction boxes 20 via wired (e.g., one ormore cables 19 as shown inFIGS. 1-2 ) or wireless means (e.g.,FIG. 9 ). - In some embodiments, the
monitoring device 18 and/orjunction boxes 20 may be omitted. In this case, the sensors 16 (or sensor array) may be configured to perform the functionality of themonitoring device 18 and/or thejunction boxes 20, which may provide for more flexibility of installation and power conservation. In this regard, one or more sensors 16 (or sensor arrays) may be operably connected to anaccess control point 42. In addition, one or more sensors 16 (or sensor arrays) may be configured to operably connect to a power-over-ethernet (“PoE”) cable for data and power transmission. For example, theaccess control point 42 may be configured to operably connect to a plurality of sensors 16 (or sensor arrays), while each sensor or sensor array may have its own POE connection. In this configuration, eachsensor 16 or sensor array may have its own unique identifier (e.g., via IP address or serial number) for access control and auditing purposes. In some cases, the sensors 16 (or sensor array) may include a separate battery backup in the event of a power loss so that the sensors or sensor array may continue to operate as intended. - The
sensors 16 and/or themonitoring device 18 may include wireless communications circuitry for communicating with one another using any desired communications protocol (e.g., Bluetooth, LoRa, Wi-Fi, radiofrequency, etc.). Thesensor 16 andmonitoring device 18 may be located remotely from one another (e.g., the sensors may be located in a data center, while the monitoring device may be at a location that is not in the data center). In some cases, themonitoring device 18 may be located at some fixed location in proximity to one or more sensors 16 (e.g., attached to a fixture 14). In other instances, thesensors 16 and themonitoring device 18 may communicate over a cloud network. In some embodiments, thesensors 16 and themonitoring device 18 are electrically connected via hard wiring (see, e.g.,FIG. 1 ), and the monitoring device may have wireless communications circuitry for communicating with other monitoring devices or remote computing devices. - There may be any number of
sensors 16 used in the system 10 (e.g., hundreds in a large data center) that are configured to communicate with one ormore monitoring devices 18. Moreover, a plurality ofsensors 16 may form a single assembly or array for eachfixture 14. In order to facilitate long range communications that could potentially have interference from various fixtures, products, and even people in a data center, a communications scheme in the sub-gig range may be desirable in some embodiments (e.g., the LoRa protocol). Long range communication protocols of this nature may minimize repeaters and a more difficult initial setup, as well as help maintain connectivity when thesensors 16 are moved around in the data center at some point after installation. In one embodiment, thesensor 16 may require authorization to facilitate communication with themonitoring device 18. For example, thesensor 16 may receive an authorization signal via a long-range communication signal from themonitoring device 18 to activate the sensor. Another signal could also be sent from themonitoring device 18 to the sensor instructing the sensor to deactivate. Despite the foregoing, it is understood that thesensor 16 andmonitoring device 18 may communicate via wired means if desired. - In some embodiments, the
sensor 16 may be configured to communicate with an electronic key 24 configured to activate, unlock, and/or reset the sensor. Similarly, each of thefixtures 14 may include an interface for communicating with anelectronic key 24 for accessing the fixture (e.g., to unlock a door to a server cabinet or to allow authorized access to the equipment). The electronic key 24 may be configured to interface with thefixture 14 or any component of the system 10 (e.g., anaccess control point 42 mounted on the fixture) for authorizing a user to access the fixture 14 (see, e.g.,FIGS. 14 and 15 ). Communication between theelectronic key 24 and theaccess control point 42 may be wireless in some cases. In one example, access may be granted when a code stored on the electronic key 24 matches a code stored in memory at theaccess control point 42. For example, the electronic key 24 could be similar to that disclosed in U.S. Publ. No. 2011/0254661, entitled Programmable Security System and Method for Protecting Merchandise, the disclosure of which is incorporated herein by reference in its entirety. - It is understood that various types of access control points 42 may be used according to additional embodiments, including those where an
electronic key 24 is not required. For example, a pin pad, biometrics, etc. may be used to allow access to thefixture 14. In other embodiments, theaccess control point 42 may operate in conjunction with a ticketing system in which a user is granted a predetermined period of time to access thefixture 14. For example, access management and maintenance may be managed through a ticketing system wherecertain fixtures 14 are assigned to a technician to perform maintenance. Once at the authorizedfixture 14, the user may be required to provide input to confirm that the technician is present. For instance, the user may be required to provide a hand gesture indicative of a symbol, letter, word, etc. that confirms that the user is present. In some cases, the hand gesture may be made within the transmission path or “light curtain” of the sensors 16 (discussed below) so that the sensors may be configured to detect the gesture and in some cases, confirm and/or record the gesture for auditing purposes. -
FIGS. 15 and 16 illustrate embodiments where theaccess control point 42 includes an interface for anelectronic key 24 and avisible indicator 44. Thevisible indictor 44 may be configured to change in color based on the state of the access control point (e.g., armed, disarmed, access, or breach). For example, thevisible indicator 44 may be configured to change colors when theaccess control point 42 transitions from an armed state to a disarmed state. In the disarmed state, a user may be able to access contents within thefixture 14 without generating an alarm signal. However, in the disarmed state, data representing access and access attempts may be monitored and recorded by themonitoring device 18 for audit purposes. Moreover, thevisible indicator 44 may be configured to transition to another color when there is an authorized or unauthorized access attempt so that the user knows that the access or attempt has been detected. In some cases, themonitoring device 18 may be configured to automatically rearm after a predetermined period of time after being disarmed to ensure that the monitoring device is armed. Thus, a user may be allowed a limited amount of time before thesystem 10 is rearmed. Thevisible indicator 44 may be configured to flash or transition to another color when the end of the predetermined period of time before rearming is nearing. - The
sensor 16 may utilize various sensing techniques to detect unauthorized access attempts to thefixture 14, such as an attempt to remove or tamper a server without authorization. For instance,FIGS. 1-2 show that thesensors FIGS. 5-9 illustrate an embodiment using aphysical security sensor 16A. In this regard, thesensor 16 may include asecurity device 22 that is configured to be operated by anelectronic key 24. In some cases, thesecurity device 22 is configured to cooperate with theelectronic key 24 for locking and/or unlocking a lock mechanism for accessing thefixture 14. In some embodiments, theelectronic key 24 is also configured to arm and disarm an alarm circuit.FIG. 5 shows that thesensor 16A generally includes a base 26 configured to be secured to thefixture 14. In one example,sensor 16A may include an alarm circuit that is configured to be armed and/or disarmed with theelectronic key 24. However, in other embodiments, thesensor 16A may simply provide mechanical security for securing the sensor to thefixture 14. Thesensor 16A further includes atether 28 that is configured to extend and retract relative to thebase 26. Thetether 28 may be coupled tobase 26 at one end and thesecurity device 22 at an opposite end. Thetether 28 may be any suitable cable, cord, or the like, and in some cases, may be flexible. In one embodiment, thetether 28 is coupled to a recoiler that is wound within thebase 26 and is configured to unwind as tension is applied to the end of the tether. For instance,FIG. 5 shows that thetether 28 may be extended the length of thefixture 14 for at least partially blocking access to the fixture such that any attempted removal of equipment contained by thefixture 14 would require removing the tether. Thesecurity device 22 may lock thetether 28 in its extended position such as by locking the security device to thefixture 14. Thesecurity device 22 may lock to an end of thetether 28 such that unlocking the security device allows the tether to retract within thebase 26. The end of thetether 28 may include a connector or other engagement member that is configured to be engaged with and disengaged from thesecurity device 22. Thesecurity device 22 may include a wireless interface (e.g., IR or inductive interface) that is configured to communicate with theelectronic key 24 for locking and/or unlocking the lock mechanism of the security device. - In some embodiments, the
tether 28 provides mechanical security only, while in other embodiments, the tether may include one or more conductors electrically connected to an alarm circuit. Thus, thesensor 16A may be configured to detect when thetether 28 is cut or removed from the base 26 in an unauthorized manner or if the tether has been displaced (see, e.g.,FIG. 6 ). In other embodiments, thetether 28 may include both a cut resistant cable and conductors, although only a cut-resistant cable may be utilized if desired. Moreover, thebase 26 may include a sensor that is configured to be activated upon unauthorized removal of the base from thefixture 14, and the sensor may in electrical communication with an alarm circuit. For example, the sensor may be a pressure or plunger switch. Thus, thesensor 16A and/orbase 26 may include an alarm circuit configured to detect activation thereof and to generate an audible and/or a visible alarm signal in response to such activation. For example, thesensor 16A may be configured to detect the activation and notify amonitoring device 18 for generating an alarm signal and/or sending a notification to a remote device 30 (see, e.g.,FIG. 8 showing an alert message including the location and time of breach). - In another embodiment, the
sensor 16 may utilize vision technology (see, e.g., FIG. 10). For example, one or more cameras may be used for monitoring afixture 14. For instance,FIG. 2 shows thatsensors 16B in the form of cameras may be located on a front and rear surface of afixture 14 for monitoring different access points to the fixture. In one embodiment, thesensor 16B may utilize machine learning or artificial intelligence (“AI”) for obtaining various types of data and monitoring activities at thefixture 14. The camera could be positioned to view items contained by thefixture 14, the fixture itself, and/or locations around the fixture. The camera may also be configured to obtain details related to the items,fixture 14, and/or humans interacting with the fixture. For example,FIG. 10 shows that the camera may be configured to identify a specific zone, location, or piece of equipment associated with a fixture 14 (e.g., interaction at “U24-36”). The camera may be configured to record and/or communicate this information to themonitoring device 18. - In one embodiment, the
system 10 also includes a computerized machine learning or AI model including various data and algorithms. In some instances, the model may reside on themonitoring device 18 and/orsensor 16B. For instance, the cameras may be configured to communicate data to themonitoring device 18 for taking various actions, such as providing notification of various events (e.g., theft attempt), such as via messages or alerts to one or moreremote devices 30. Alternatively, the cameras 48′ may be configured to execute the model and communicate directly with one or more remote devices 30 (e.g., using a cloud network). The model may be populated with various information to facilitate analysis and predictions of various types of information and behaviors in a data center environment. For example, types of information that may be provided to the model include photographs and/or geometries of the equipment and/orfixtures 14, identifying information on the equipment and/or fixtures (e.g., barcodes or QR codes), flashing LEDs or light source signatures orpatterns sensors 16, sounds originating from thesystem 10, details regarding the surroundings (e.g., layout of fixtures within a data center), particular motions or behaviors that are indicative of an authorized or unauthorized access attempt, etc. This example model would be configured to detect and/or predict various information relevant to the system including, but not limited to, determining whether access attempts are authorized or unauthorized. - In another embodiment, the
sensor 16C may employ sonic time of flight, light, and/or ultrasonic signals. In one particular example, ultrasonic frequencies may be used to measure the time of flight of the sound pulse. In other cases, thesensor 16C is configured to emit a light signal (e.g., infrared) that is used to obtain a distance measurement. In another embodiment, thesensor 16C may employ optical signals for detecting activity at the fixture 14 (see, e.g.,FIG. 11 ). In some cases, thesensor 16 is an array of optical emitters. The array ofsensors 16 could be arranged along at least a portion of the width of thefixture 14 or the entire width of the fixture. In some cases, the array ofsensors 16 could define a “light curtain” that is configured to cover the entire access opening of thefixture 14. Thesensor 16C may be located along a top surface of thefixture 14 and be configured to generate a signal towards a bottom surface of the fixture or vice versa. The signals may be various types of signals such as, for example, encoded or unique signals that are difficult to replicate or otherwise spoof. As noted above, the sensor(s) 16C may be used to detect unauthorized activity at the fixture 14 (e.g., attempting to access a server rack or remove equipment from a server rack). - The
sensor 16C may include an emitter configured to emit a signal (e.g., sound or light) that is configured to bounce (or reflect) off thefixture 14 or any other designated target and then return to the emitter. Thus, thesensor 16C may be a transceiver configured to transmit and receive signals in some embodiments. Using the speed of the signal and the time between the ping, the return distance can be measured. With a knownfixture 14 size (e.g., a height of a server cabinet), the presence of an item or person can be calculated. In some cases, distance could also be measured based on the return signal, which could be used to determine how many items are stored on aparticular fixture 14. In another example, thesensor 16C may use sonic power (amplitude) for determining the presence of items or persons. In this embodiment, thesensor 16C may be configured to measure the decay of amplitude of the returning signal. The further the wave travels, the lower the power level becomes. By setting an expected threshold for decay, one could determine if any item or person is located between thesensor 16C and the target on thefixture 14. In other embodiments,additional sensors 16C may be used to communicate with the emitter, such as a receiver, to detect access attempts to thefixture 14. For example, an array of emitters may be located along a top surface of thefixture 14 while an array of receivers may be located along a bottom surface of the fixture, although the array of emitters and receivers could be located at any desired location. In one embodiment, a location of thesensor 16C or array of sensors could be adjustable, such as for accommodating different sizes and configurations offixtures 14 to ensure that the access points to the fixture are sufficiently secure. For instance, thesensor 16C or array of sensors may be mounted to a track or bracket to facilitate adjustment in or more directions (e.g., X, Y, and/or Z directions). The adjustability of the location of thesensor 16C or array of sensors may also be helpful in ensuring that the field of view is directed in an accurate manner relative to thefixture 14 and equipment contained therein. Similarly, the field of view of thesensor 16C or array of sensors may be adjustable for a similar purpose. For instance, the angle of the field of view may be adjustable. - According to other embodiments, one or
more sensors 16C may emit a signal (e.g., a light signal) that is bounced or reflected back to the sensor. Measuring time-of-flight of such signals may be used to monitor attempted access to thefixture 14. In some cases, the sensor(s) 16C may emit signal(s) that are reflected back to the sensor with only some of the reflected signals being detected by the sensor (see, e.g.,FIG. 12A ). In other cases, thesystem 10 may include areflective component 40 that is configured to reflect the signals transmitted by the one ormore sensors 16. In one example, thereflective component 40 is a reflective strip, such as tape.FIG. 12B shows an embodiment where thereflective component 40 is a retroreflective tape, which facilitates the detection of a greater number of return signals than a conventional reflector. In other words, the retroreflective tape is configured to collect all or mostly all of the signals emitted by thesensor 16C versus only the signals directly below the sensor (e.g., compareFIGS. 12A-C ). Retroreflective tape may be configured to refract incident light signals such that the light signals exit in the same direction that they arrived. Moreover, use of a retroreflective tape may enable greater control over the field-of-view of the sensor(s) 16C. Thus, more focused signal(s) may be emitted by the sensor(s) 16C which may provide for better range and/or more accurate monitoring and detection of access attempts. As shown inFIGS. 12A-B , the sensor(s) 16C may be located along a top edge of thefixture 14, while thereflective component 40 may be located along a bottom edge of the fixture. In this way, thereflective component 40 may be located a predetermined distance from the sensor(s) 16C, and time-of-flight may be used to determine if there is an interruption in the signals or if an object is placed between the sensor(s) 16C and thereflective component 40. Thus, signals transmitted and received by the sensor(s) 16C may be used to detect unauthorized access attempts. - It is understood that other techniques may be used to determine if there is an unauthorized access attempt. For example, rather than using reflective properties, e.g., using a reflective component, a non-reflective component may be employed. Where a non-reflective component is used (e.g., a dark or absorptive component), there would be no return signal transmitted back to the
sensor 16C. Thus, in the normal operating mode, thesensor 16C would not detect any reflective signals. In this way, thesensor 16C may be configured to detect a reflective signal indicative of an unauthorized access attempt, which may result from a hand or object being placed within the path of the signal transmitted by the sensor. Moreover, thesensors 16C may be configured to auto-calibrate in real-time or on a periodic basis to ensure that accurate measurements are taken and/or that unauthorized access attempts are detected. For instance, if thesensor 16C is moved from its installed location on thefixture 14 and/or thereflective component 40 is tampered with in some way, the sensor may be configured to detect the unauthorized tampering. Thus, different types of unauthorized access may be able to be detected (e.g., an attempt to access the fixture or fixture contents versus an attempt to tamper with the sensors or other components of the system 10). Moreover, it is understood that various types of sensing modalities may be employed in addition to those disclosed here, such as, for example, capacitive sensors. For instance, a capacitive sensor may be configured to detect electrical properties to determine the presence of a user or access attempt. - The
sensor 16 may have a power source (e.g., battery) for providing power for operating the wireless communications circuitry, as well as any other components requiring power (e.g., an emitter). In other cases, an external power source may be provided, such as via themonitoring device 18 orjunction box 20. In one embodiment, thesensor 16 may be configured to “wake up” only periodically to take a measurement. This could be a predefined time period, such as every 15 minutes, or it could have a more sophisticated control. For example, thesensor 16 could be programmed to wake up more often during peak times of the day and wake up less often (or not at all) during certain hours (e.g., after hours). For instance, thesensor 16 may have a clock time link via themonitoring device 18 to know what time of day it is. This schedule could also be set automatically by the system 10 (as opposed to a user-inputted schedule) by the system watching and learning over time about what times the data center and fixtures are accessed and adjusting the scanning schedule appropriately. Thus, in some embodiments, thesensor 16 may not be required to have external power or a large battery, which may extend the life of the sensor. In some cases, thesensor 16, upon waking up and detecting any item or person, could enter into a higher-scan mode (e.g., scanning more frequently than the standard predefined time period) for some specified period of time. For example, the high-scan mode can be used to measure when any item is removed or accessed and report that to thesystem 10. - In some embodiments, a plurality of
sensors 16 may communicate with onemonitoring device 18. Thus, themonitoring device 18 may be configured to monitor a plurality of signals provided by thesensors 16. In some instances, eachsensor 16 may be wirelessly paired to amonitoring device 18, such as, for example, via Bluetooth communication. Pairing may include the exchange of a particular code or identifier that associates asensor 16 with amonitoring device 18. An authorized user may initiate communication between asensor 16 and amonitoring device 18 for pairing or unpairing with one another, such as by pressing an actuator on the sensor and/or the monitoring device. Therefore, any number ofsensors 16 may be added to or removed from thesystem 10, and likewise a plurality ofmonitoring devices 18 may be employed. - The
sensor 16 and/or themonitoring device 18 may further be configured to facilitate communication with one or more remote devices 30 (e.g., smartphone or tablet or computer) for providing notification regarding various events and/or data (see, e.g.,FIG. 9 ).FIGS. 8-9 show that status (e.g., an authorized access attempt) may be communicated to aremote device 30. Such communication could occur, for instance, over one or more wireless communication protocols. For instance, a privatelocal network 25 may be used to facilitate communication between thesensor 16 and a monitoring device 18 (e.g., via the LoRa network or Wi-Fi network or Ethernet connection), andpublic network 35 could be sent to the remote device 30 (e.g., via a cloud network). In other embodiments, thesensor 16 and/or themonitoring device 18 may be configured to generate an alarm signal should an unauthorized access attempt be detected. In some embodiments, reports may be generated at theassociate device 20 and/ormonitoring device 18 which may be used to collect and manage data regarding each of thesensors 16 and/ormonitoring devices 18. - Moreover,
FIG. 7 shows that thesystem 10 may further include one ormore cameras 32. Thecameras 32 may be configured to monitor any desired component, such as for example, thesensors 16 and/orfixtures 14. Thecameras 32 may be configured to simply record images or video or could further include functionality to communicate data to and from each of the sensors, such as via light-based communication. Thus, in some embodiments, themonitoring device 18 could take the form of acamera 32 for obtaining various information from thesensors 16. - In some embodiments, a
device 20 may have a set-up mode used to associate thesensor 16 with aspecific fixture 14 or equipment stored by the fixture. The set-up mode could be initiated with a button push or other mechanism that is activated by the installer on thesensor 16. In some cases, an identifier on thesensor 16 may be associated with an identifier on thefixture 14. For example, adevice 20 may be configured to scan a UPC or QR code on both thesensor 16 and thefixture 14 and/or equipment to associate the two. - Embodiments of the present invention may utilize similar technology as that disclosed in U.S. Pat. Nos. 10,140,824, 10,535,239, PCT Publication No. WO 2020/227513, U.S. Publ. No. 2021/0264754, PCT Publication No. WO 2020/198473, International Appl. No. PCT/US2021/070993, and U.S. Provisional Appl. No. 63/059,280, the contents of which are each hereby incorporated by reference in their entirety herein.
- The foregoing has described one or more embodiments of systems and methods for data center security. Although embodiments of the present invention have been shown and described, it will be apparent to those skilled in the art that various modifications thereto can be made without departing from the spirit and scope of the invention. Accordingly, the foregoing description is provided for the purpose of illustration only, and not for the purpose of limitation.
Claims (25)
1. A data center monitoring system comprising:
at least one sensor configured to be attached to a fixture in a data center, wherein the at least one sensor is configured to transmit a wireless signal for detecting an unauthorized access attempt to the fixture; and
at least one monitoring device configured to communicate with the at least one sensor, wherein the at least one monitoring device is configured to receive a signal from the at least one sensor indicative of the unauthorized access attempt to the fixture.
2. The data center monitoring system of claim 1 , wherein the fixture is a server rack or server cabinet.
3. The data center monitoring system of claim 1 , wherein the fixture defines an enclosure within an access opening, and wherein the at the at least one sensor is configured to transmit the wireless signal for detecting unauthorized access into the opening.
4. The data center monitoring system of claim 1 , wherein the at least one sensor or the at least one monitoring device is configured to communicate a notification message to one or more remote devices.
5. The data center monitoring system of claim 1 , wherein the at least one sensor is configured to wirelessly communicate with the at least one monitoring device.
6. The data center monitoring system of claim 1 , wherein the at least one sensor is electrically connected to the at least one monitoring device via one or more cables.
7. The data center monitoring system of claim 1 , wherein the at least one monitoring device is a controller.
8. The data center monitoring system of claim 1 , wherein the at least one monitoring device is a computer.
9. The data center monitoring system of claim 1 , further comprising a plurality of sensors, each sensor coupled to a respective fixture.
10. The data center monitoring system of claim 9 , wherein the at least one monitoring device is configured to communicate with each of the plurality of sensors.
11. The data center monitoring system of claim 1 , further comprising a junction box configured to communicate with the at least one sensor and the at least one monitoring device.
12. The data center monitoring system of claim 11 , wherein the junction box is configured to electrically connect to a plurality of sensors.
13. The data center monitoring system of claim 1 , wherein the wireless signal is at least one optical signal for detecting an unauthorized access attempt to the fixture.
14. The data center monitoring system of claim 1 , wherein the at least one sensor is an array of sensors configured to transmit a plurality of optical signals for detecting an unauthorized access attempt to the fixture.
15. The data center monitoring system of claim 1 , further comprising a camera for capturing one or more images of the fixture.
16. The data center monitoring system of claim 1 , further comprising an access control point coupled to the fixture and configured to control access to the fixture.
17. The data center monitoring system of claim 16 , wherein the access control point is configured to communicate with a key for arming or disarming the access control point.
18. The data center monitoring system of claim 1 , wherein the wireless signal is at least one light signal for detecting an unauthorized access attempt to the fixture.
19. The data center monitoring system of claim 18 , further comprising a reflective component spaced a predetermined distance from the at least one sensor, wherein the reflective component is configured to reflect the at least one light signal back to the at least one sensor.
20. The data center monitoring system of claim 19 , wherein the reflective component comprises a retroreflective tape.
21. The data center monitoring system of claim 1 , wherein the at least one sensor is configured to detect an interruption in the wireless signal.
22. The data center monitoring system of claim 21 , wherein the at least one sensor is configured to detect an interruption in the wireless signal using time of flight.
23. A data center monitoring system comprising:
a plurality of server racks located in a data center;
a plurality of sensors each configured to be attached to a respective server rack, each sensor configured to transmit a wireless signal for detecting an unauthorized access attempt to the server rack; and
at least one monitoring device configured to communicate with each of the plurality of sensors, the at least one monitoring device configured to receive a signal from each of the plurality of sensors indicative of an unauthorized access attempt to a respective server rack.
24. A method for monitoring a data center comprising:
transmitting a wireless signal with at least one sensor attached to a fixture in a data center for detecting an unauthorized access attempt to the fixture; and
receiving a signal at a monitoring device from the at least one sensor indicative of the unauthorized access attempt to the fixture.
25. The method of claim 24 , wherein transmitting comprises transmitting at least one optical signal with the at least one sensor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/529,824 US20220166785A1 (en) | 2020-11-20 | 2021-11-18 | Data center security system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US202063116562P | 2020-11-20 | 2020-11-20 | |
US202163178909P | 2021-04-23 | 2021-04-23 | |
US202163187747P | 2021-05-12 | 2021-05-12 | |
US17/529,824 US20220166785A1 (en) | 2020-11-20 | 2021-11-18 | Data center security system |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220166785A1 true US20220166785A1 (en) | 2022-05-26 |
Family
ID=81658695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/529,824 Pending US20220166785A1 (en) | 2020-11-20 | 2021-11-18 | Data center security system |
Country Status (2)
Country | Link |
---|---|
US (1) | US20220166785A1 (en) |
WO (1) | WO2022109137A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230231886A1 (en) * | 2022-01-20 | 2023-07-20 | Dell Products L.P. | Detecting physical anomalies of a computing environment using machine learning techniques |
US11758669B2 (en) | 2021-06-22 | 2023-09-12 | Invue Security Products Inc. | Data center security systems and devices |
US11849561B2 (en) | 2021-12-22 | 2023-12-19 | In Vue Security Products Inc. | Data center security systems and devices |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090293136A1 (en) * | 2008-05-21 | 2009-11-26 | International Business Machines Corporation | Security system to prevent tampering with a server blade |
US8528101B1 (en) * | 2011-09-20 | 2013-09-03 | Amazon Technologies, Inc. | Integrated physical security control system for computing resources |
US20180131449A1 (en) * | 2015-05-18 | 2018-05-10 | Lasermotive, Inc. | Multi-layered safety system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005241556A (en) * | 2004-02-27 | 2005-09-08 | Optex Co Ltd | Passive-type infrared detector and obstruction detection system used therefor |
US20110241881A1 (en) * | 2010-04-06 | 2011-10-06 | Christopher Badinelli | Systems and methods for optical secure alarmed protective fiber distribution systems and management |
US10964180B2 (en) * | 2018-05-30 | 2021-03-30 | Hewlett Packard Enterprise Development Lp | Intrustion detection and notification device |
-
2021
- 2021-11-18 US US17/529,824 patent/US20220166785A1/en active Pending
- 2021-11-18 WO PCT/US2021/059892 patent/WO2022109137A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090293136A1 (en) * | 2008-05-21 | 2009-11-26 | International Business Machines Corporation | Security system to prevent tampering with a server blade |
US8528101B1 (en) * | 2011-09-20 | 2013-09-03 | Amazon Technologies, Inc. | Integrated physical security control system for computing resources |
US20180131449A1 (en) * | 2015-05-18 | 2018-05-10 | Lasermotive, Inc. | Multi-layered safety system |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11758669B2 (en) | 2021-06-22 | 2023-09-12 | Invue Security Products Inc. | Data center security systems and devices |
US11864335B2 (en) | 2021-06-22 | 2024-01-02 | Invue Security Products, Inc. | Data center security systems and devices |
US11849561B2 (en) | 2021-12-22 | 2023-12-19 | In Vue Security Products Inc. | Data center security systems and devices |
US20230231886A1 (en) * | 2022-01-20 | 2023-07-20 | Dell Products L.P. | Detecting physical anomalies of a computing environment using machine learning techniques |
Also Published As
Publication number | Publication date |
---|---|
WO2022109137A1 (en) | 2022-05-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220166785A1 (en) | Data center security system | |
US10706703B1 (en) | Service entrance alarm system and methods of using the same | |
US11388181B2 (en) | Cable assembly disturbance detection method | |
EP3440646B1 (en) | Security sensing method and apparatus | |
US7295112B2 (en) | Integral security apparatus for remotely placed network devices | |
US20090212920A1 (en) | Intelligent asset protection system | |
US20130099922A1 (en) | Motion and Area Monitoring System and Method | |
US20070080806A1 (en) | Anti-theft security device and perimeter detection system | |
US7323979B2 (en) | Dual technology glass breakage detector | |
CN109727441A (en) | Warehouse monitoring system based on Zigbee wireless network | |
US11893877B2 (en) | Security system including automation notification and surveillance integration | |
US20180324194A1 (en) | System and method for detecting a disturbance on a physical transmission line | |
EP3292545A1 (en) | A system, method and apparatuses for electronic article surveillance | |
US6308272B1 (en) | Security system using existing network and personal computers | |
US12012776B2 (en) | Merchandise display security systems and methods | |
US20240193312A1 (en) | Data center security system | |
US20200342747A1 (en) | Alarm system | |
KR100646396B1 (en) | Security system using infrared rays | |
Martin | WatchIt. A fully supervised identification, location and tracking system | |
CN108844180B (en) | Air conditioner and event monitoring method | |
CN208506919U (en) | A kind of intelligent safety and defence system | |
Kumar et al. | iDART-Intruder Detection and Alert in Real Time | |
US20240078894A1 (en) | Smoke alarm tamper protection device | |
EP3956874B1 (en) | System for managing a plurality of alarmed individual spaces | |
Abiodun et al. | Development of an Intruder Detection with Alert System Using Wireless Technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INVUE SECURITY PRODUCTS INC., NORTH CAROLINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GRANT, JEFFREY A.;LYNCH, LAURA ABBOTT;BOUCHAT, CHRIS;AND OTHERS;SIGNING DATES FROM 20211208 TO 20211217;REEL/FRAME:058928/0730 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |